The National Institute of Standards and Technology has updated its key management guidance in Special Publication (SP) 800-57 Part 1 Revision 5, Recommendation for Key Management: Part 1 – General.
SP 800-57 Part 1 Rev 5 provides cryptographic key-management guidance. The SP 800-57 guidance consists of three parts. Part 1 provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security services that may be provided when using cryptography and the algorithms and key types that may be employed. Part 1 also provides specifications of the protection that each type of key and other cryptographic information requires and methods for providing this protection, discussions about the functions involved in key management, and discussions about a variety of key-management issues to be addressed when using cryptography, NIST officials explained.
Part 2 provides guidance on policy and security planning requirements for U.S. Government agencies. Part 3 provides guidance when using the cryptographic features of current systems.
Among other changes, this revision of the Recommendation:
- emphasizes the protection needed for the metadata associated with keys;
- includes discussions on access control, identity authentication, and inventory management for keys and certificates; and
- provides guidance consistent with Federal Information Processing Standards (FIPS) Publication 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, and SP 800-63-3, Digital Identity Guidelines.
Appendix C contains a complete list of changes.
Publication Detail:
https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
Special Publication (SP) 800-57 Part 1 Revision 5 supersedes: SP 800-57 Part 1 Rev. 4 (01/28/2016)